something

2025-12-20 18:36:52 +02:00
parent b9de2bcd30
commit d06c9b1bfb


@@ -37,58 +37,58 @@ app.logger.addHandler(_handler)
def healthz(): def healthz():
return {"ok": True}, 200 return {"ok": True}, 200
# @app.post("/api/payments/ipn")
# def ipn():
# try:
# # Pass the whole request object, not just request.data
# data = verify_ipn(request)
# app.logger.info("IPN OK: %s", data)
# return jsonify({"errorCode": 0}), 200
# except Exception as e:
# app.logger.exception("IPN verification failed: %s", e)
# return jsonify({"errorCode": 0}), 200
@app.post("/api/payments/ipn") @app.post("/api/payments/ipn")
def ipn(): def ipn():
token = request.headers.get('Verification-Token') or request.headers.get('X-Netopia-Signature')
try: try:
from helpers.netopia import NetopiaSettings
settings = NetopiaSettings.from_env()
public_key = settings.public_key_str.replace('\\n', '\n').strip()
# 1. Try to decode without Audience check first to isolate the Signature # Pass the whole request object, not just request.data
# This tells us if the Public Key actually matches the Private Key used by Netopia data = verify_ipn(request.data)
decoded_data = jwt.decode(
token,
public_key,
algorithms=["RS256", "RS512"],
options={"verify_aud": False}, # Temporarily disable audience check
leeway=60
)
app.logger.info(f"SUCCESS! Verified Data: {decoded_data}")
# 2. Check audience manually
token_aud = decoded_data.get('aud')
expected_aud = settings.pos_signature
# Netopia sends ['SIG'], we expect 'SIG'
if expected_aud not in token_aud and expected_aud != token_aud:
app.logger.error(f"Audience mismatch: Got {token_aud}, expected {expected_aud}")
return jsonify({"error": "Audience mismatch"}), 400
app.logger.info("IPN OK: %s", data)
return jsonify({"errorCode": 0}), 200 return jsonify({"errorCode": 0}), 200
except jwt.InvalidSignatureError:
app.logger.error("DANGER: The Public Key does not match the signature. Check if this is the SANDBOX key.")
return jsonify({"error": "Invalid Signature"}), 400
except Exception as e: except Exception as e:
app.logger.error(f"Verification Failed: {type(e).__name__} - {e}") app.logger.exception("IPN verification failed: %s", e)
return jsonify({"error": str(e)}), 400 return jsonify({"errorCode": 0}), 200
# @app.post("/api/payments/ipn")
# def ipn():
# token = request.headers.get('Verification-Token') or request.headers.get('X-Netopia-Signature')
# try:
# from helpers.netopia import NetopiaSettings
# settings = NetopiaSettings.from_env()
# public_key = settings.public_key_str.replace('\\n', '\n').strip()
# # 1. Try to decode without Audience check first to isolate the Signature
# # This tells us if the Public Key actually matches the Private Key used by Netopia
# decoded_data = jwt.decode(
# token,
# public_key,
# algorithms=["RS256", "RS512"],
# options={"verify_aud": False}, # Temporarily disable audience check
# leeway=60
# )
# app.logger.info(f"SUCCESS! Verified Data: {decoded_data}")
# # 2. Check audience manually
# token_aud = decoded_data.get('aud')
# expected_aud = settings.pos_signature
# # Netopia sends ['SIG'], we expect 'SIG'
# if expected_aud not in token_aud and expected_aud != token_aud:
# app.logger.error(f"Audience mismatch: Got {token_aud}, expected {expected_aud}")
# return jsonify({"error": "Audience mismatch"}), 400
# return jsonify({"errorCode": 0}), 200
# except jwt.InvalidSignatureError:
# app.logger.error("DANGER: The Public Key does not match the signature. Check if this is the SANDBOX key.")
# return jsonify({"error": "Invalid Signature"}), 400
# except Exception as e:
# app.logger.error(f"Verification Failed: {type(e).__name__} - {e}")
# return jsonify({"error": str(e)}), 400
@app.get("/api/payments/status") @app.get("/api/payments/status")
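Review bot: The manual audience check added after `jwt.decode(...)` is weaker than the library's own: `expected_aud not in token_aud` is a substring test when the `aud` claim is a string, so any audience that merely contains `settings.pos_signature` passes, and a token with no `aud` claim raises TypeError into the generic handler instead of being rejected deliberately. Drop `options={"verify_aud": False}` and the manual block, pass `audience=settings.pos_signature,` to `jwt.decode` (PyJWT accepts both a string and a list `aud`), and add `except jwt.InvalidAudienceError:` returning the same 400 so a mismatch is logged separately from other failures. The generic `except Exception` now returns `jsonify({"error": str(e)})` to the caller, echoing internal exception text (key-format errors, the missing-header case where `token` is None) to the remote party; log it with `app.logger.exception` and return a fixed message instead. `app.logger.info(f"SUCCESS! Verified Data: {decoded_data}")` writes the whole signed payload to the log at INFO; if it carries payment details, log only the claims needed for correlation. The decoded claims are never compared against `request.data`, which the replaced `verify_ipn(request.data)` call did receive — if the signed token is meant to attest to the request body, that binding has been lost and should be restored or documented as intentional.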